Are there any Clang Static Analyzer checkers for sqlite issues?

The Clang Static Analyzer used by Xcode uses checkers to identify warnings and errors in source code. I'd like to use a checker to detect when sqlite is used with sqlite3_prepare_v2 being called without calling sqlite3_finalize.

Here is a list of existing checkers.

http://clang-analyzer.llvm.org/available_checks.html

And here is a list of potential checkers.

http://clang-analyzer.llvm.org/potential_checkers.html

Are there any checkers out there specific to sqlite which could address this issue? Is there another way to automatically detect missing/unbalanced calls?

Unfortunately, no way.

The only thing you can do is make sure you have written the sqlite3_finalize inside the sqlite3_prepare block instead of writing it outside. This will handle sqlite3_prepare failure issues.

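/* dbfile, query, statement and result are declared by the surrounding code */
if (sqlite3_prepare(dbfile, query, -1, &statement, 0) == SQLITE_OK)
{
   /* the statement was compiled, so step it and release it on this path */
   int res = sqlite3_step(statement);
   result = res;
   sqlite3_finalize(statement);
}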

If you have written sqlite3_finalize outside the sqlite3_prepare block, it will cause issues when the sqlite3_prepare statement fails.

Please look at this example: Accessing a SQLite Database with C++

There is a Clang static analyzer; you can find it at https://github.com/XSecurity/XSecurity
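On the question's second part (another way to detect missing or unbalanced calls automatically), one option is a lexical lint run over the C sources. The script below is an added example, not code from any poster or from the XSecurity project; its function names and the sample C source are constructed, and it is a heuristic that counts calls per function body rather than tracking who owns the statement.

```python
import re

PREPARE = re.compile(r"\bsqlite3_prepare(?:16)?(?:_v[23])?\s*\(")
FINALIZE = re.compile(r"\bsqlite3_finalize\s*\(")
# Rough C function header: name(args) followed by '{' (heuristic, not a parser).
FUNC_HEAD = re.compile(r"\b(?!(?:if|for|while|switch)\b)([A-Za-z_]\w*)\s*\([^;{}()]*\)\s*\{")

def strip_comments_and_strings(src):
    """Blank out comments and string literals, keeping offsets and line breaks."""
    pattern = r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"'
    return re.sub(pattern, lambda m: re.sub(r"[^\n]", " ", m.group()), src, flags=re.S)

def function_bodies(src):
    """Yield (name, line, body) for each function found by brace matching."""
    pos = 0
    while (m := FUNC_HEAD.search(src, pos)):
        depth, pos = 1, m.end()
        while pos < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[pos], 0)
            pos += 1
        yield m.group(1), src.count("\n", 0, m.start()) + 1, src[m.end():pos]

def unbalanced_functions(src):
    """Return (function, line, prepares, finalizes) where prepares > finalizes."""
    clean = strip_comments_and_strings(src)
    counts = ((n, ln, len(PREPARE.findall(b)), len(FINALIZE.findall(b)))
              for n, ln, b in function_bodies(clean))
    return [c for c in counts if c[2] > c[3]]

# Constructed sample input, not taken from the page.
SAMPLE_C = r'''
int count_rows(sqlite3 *db) {
    sqlite3_stmt *st;
    if (sqlite3_prepare_v2(db, "SELECT count(*) FROM t", -1, &st, 0) != SQLITE_OK)
        return -1;
    sqlite3_step(st);
    return sqlite3_column_int(st, 0);  /* missing: sqlite3_finalize(st); */
}
int run(sqlite3 *db, const char *query) {
    sqlite3_stmt *st; int res = -1;
    if (sqlite3_prepare_v2(db, query, -1, &st, 0) == SQLITE_OK) {
        res = sqlite3_step(st);
        sqlite3_finalize(st);  // released on the success path
    }
    return res;
}
'''
if __name__ == "__main__":
    print(unbalanced_functions(SAMPLE_C))
```

A function that hands the prepared statement to its caller for later finalization will also be flagged, so findings are prompts for review rather than confirmed leaks.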
